MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 594f5a127c687c69e117e621aa0ea590520fbe05dae0b4606b3c28c381e7ab9e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Formbook


Vendor detections: 3



SHA256 hash: 594f5a127c687c69e117e621aa0ea590520fbe05dae0b4606b3c28c381e7ab9e
SHA3-384 hash: 23acdc179fe1425db74614f0de3e98b55b3b496e20ddf0dee5b277b4ae0d590ca2418470d1e8e277734a1bd03dad1b88
SHA1 hash: d6bdf7b7c9c9cf9502f89b96efd202ebe8c1c8ce
MD5 hash: 1cbd296f1c392919da0a2c230a0ecdb3
humanhash: hotel-nuts-arizona-violet
File name: New price.rar
Signature: Formbook
File size: 255'118 bytes
First seen: 2021-01-14 20:22:58 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:ia8R86PW/dhS3/iZMhVuxbq47UG2Oepg/X/YLS633+By:7aXWS3DVu84IGSpcgLS6r
TLSH: AD442396997375BB6EBFCFB4ED015A4C342CBC36AD5DC392B280E2247205839036965B
Reporter: abuse_ch
Tags: FormBook, rar


abuse_ch
Malspam distributing Formbook:

HELO: alnassar.com.sa
Sending IP: 162.244.93.110
From: Ghulam Mohiuddin <mpadayachee@glenrandmib.co.za>
Reply-To: mpadayachee@glenrandmib.co.za
Subject: 1401#_our new price
Attachment: New price.rar (contains "inn.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 161
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-01-14 08:43:45 UTC
AV detection: 9 of 46 (19.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Formbook
rar 594f5a127c687c69e117e621aa0ea590520fbe05dae0b4606b3c28c381e7ab9e (this sample)

Dropping: Formbook
Delivery method: Distributed via e-mail attachment
